Merge "Rename bay to cluster in certificate object and references"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
42abb07835
@ -84,11 +84,9 @@ class Certificate(base.APIBase):
|
||||
self.fields.append(field)
|
||||
setattr(self, field, kwargs.get(field, wtypes.Unset))
|
||||
|
||||
# set the attribute for cluster_uuid
|
||||
self.fields.append('cluster_uuid')
|
||||
if 'cluster_uuid' in kwargs.keys():
|
||||
setattr(self, 'cluster_uuid', kwargs.get('cluster_uuid',
|
||||
wtypes.Unset))
|
||||
# set the attribute for bay_uuid for backwards compatibility
|
||||
self.fields.append('bay_uuid')
|
||||
setattr(self, 'bay_uuid', kwargs.get('bay_uuid', self._cluster_uuid))
|
||||
|
||||
def get_cluster(self):
|
||||
if not self._cluster:
|
||||
@ -103,10 +101,10 @@ class Certificate(base.APIBase):
|
||||
|
||||
certificate.links = [link.Link.make_link('self', url,
|
||||
'certificates',
|
||||
certificate.bay_uuid),
|
||||
certificate.cluster_uuid),
|
||||
link.Link.make_link('bookmark', url,
|
||||
'certificates',
|
||||
certificate.bay_uuid,
|
||||
certificate.cluster_uuid,
|
||||
bookmark=True)]
|
||||
return certificate
|
||||
|
||||
|
||||
@ -433,5 +433,5 @@ class TrusteeOrTrustToBayFailed(MagnumException):
|
||||
message = _("Failed to create trustee or trust for Bay: %(bay_uuid)s")
|
||||
|
||||
|
||||
class CertificatesToBayFailed(MagnumException):
|
||||
message = _("Failed to create certificates for Bay: %(bay_uuid)s")
|
||||
class CertificatesToClusterFailed(MagnumException):
|
||||
message = _("Failed to create certificates for Cluster: %(cluster_uuid)s")
|
||||
|
||||
@ -52,11 +52,12 @@ class API(rpc_service.API):
|
||||
|
||||
# CA operations
|
||||
|
||||
def sign_certificate(self, bay, certificate):
|
||||
return self._call('sign_certificate', bay=bay, certificate=certificate)
|
||||
def sign_certificate(self, cluster, certificate):
|
||||
return self._call('sign_certificate', cluster=cluster,
|
||||
certificate=certificate)
|
||||
|
||||
def get_ca_certificate(self, bay):
|
||||
return self._call('get_ca_certificate', bay=bay)
|
||||
def get_ca_certificate(self, cluster):
|
||||
return self._call('get_ca_certificate', cluster=cluster)
|
||||
|
||||
# Versioned Objects indirection API
|
||||
|
||||
|
||||
@ -155,13 +155,13 @@ class Handler(object):
|
||||
# Create trustee/trust and set them to bay
|
||||
trust_manager.create_trustee_and_trust(osc, bay)
|
||||
# Generate certificate and set the cert reference to bay
|
||||
cert_manager.generate_certificates_to_bay(bay, context=context)
|
||||
cert_manager.generate_certificates_to_cluster(bay, context=context)
|
||||
conductor_utils.notify_about_bay_operation(
|
||||
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_PENDING)
|
||||
created_stack = _create_stack(context, osc, bay,
|
||||
bay_create_timeout)
|
||||
except Exception as e:
|
||||
cert_manager.delete_certificates_from_bay(bay, context=context)
|
||||
cert_manager.delete_certificates_from_cluster(bay, context=context)
|
||||
trust_manager.delete_trustee_and_trust(osc, context, bay)
|
||||
conductor_utils.notify_about_bay_operation(
|
||||
context, taxonomy.ACTION_CREATE, taxonomy.OUTCOME_FAILURE)
|
||||
@ -238,7 +238,8 @@ class Handler(object):
|
||||
' deletion.'), stack_id)
|
||||
try:
|
||||
trust_manager.delete_trustee_and_trust(osc, context, bay)
|
||||
cert_manager.delete_certificates_from_bay(bay, context=context)
|
||||
cert_manager.delete_certificates_from_cluster(bay,
|
||||
context=context)
|
||||
bay.destroy()
|
||||
except exception.ClusterNotFound:
|
||||
LOG.info(_LI('The bay %s has been deleted by others.'), uuid)
|
||||
@ -352,8 +353,8 @@ class HeatPoller(object):
|
||||
trust_manager.delete_trustee_and_trust(self.openstack_client,
|
||||
self.context,
|
||||
self.bay)
|
||||
cert_manager.delete_certificates_from_bay(self.bay,
|
||||
context=self.context)
|
||||
cert_manager.delete_certificates_from_cluster(self.bay,
|
||||
context=self.context)
|
||||
self.bay.destroy()
|
||||
except exception.ClusterNotFound:
|
||||
LOG.info(_LI('The bay %s has been deleted by others.')
|
||||
|
||||
@ -31,16 +31,17 @@ class Handler(object):
|
||||
def __init__(self):
|
||||
super(Handler, self).__init__()
|
||||
|
||||
def sign_certificate(self, context, bay, certificate):
|
||||
def sign_certificate(self, context, cluster, certificate):
|
||||
LOG.debug("Creating self signed x509 certificate")
|
||||
signed_cert = cert_manager.sign_node_certificate(bay,
|
||||
signed_cert = cert_manager.sign_node_certificate(cluster,
|
||||
certificate.csr,
|
||||
context=context)
|
||||
certificate.pem = signed_cert
|
||||
return certificate
|
||||
|
||||
def get_ca_certificate(self, context, bay):
|
||||
ca_cert = cert_manager.get_bay_ca_certificate(bay, context=context)
|
||||
certificate = objects.Certificate.from_object_bay(bay)
|
||||
def get_ca_certificate(self, context, cluster):
|
||||
ca_cert = cert_manager.get_cluster_ca_certificate(cluster,
|
||||
context=context)
|
||||
certificate = objects.Certificate.from_object_cluster(cluster)
|
||||
certificate.pem = ca_cert.get_certificate()
|
||||
return certificate
|
||||
|
||||
@ -76,23 +76,23 @@ def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
|
||||
return magnum_cert_ref
|
||||
|
||||
|
||||
def _get_issuer_name(bay):
|
||||
issuer_name = bay.name
|
||||
# When user create a Bay without name, the bay.name is None.
|
||||
# We should use bay.uuid as issuer name.
|
||||
def _get_issuer_name(cluster):
|
||||
issuer_name = cluster.name
|
||||
# When user create a Cluster without name, the cluster.name is None.
|
||||
# We should use cluster.uuid as issuer name.
|
||||
if issuer_name is None:
|
||||
issuer_name = bay.uuid
|
||||
issuer_name = cluster.uuid
|
||||
return issuer_name
|
||||
|
||||
|
||||
def generate_certificates_to_bay(bay, context=None):
|
||||
"""Generate ca_cert and magnum client cert and set to bay
|
||||
def generate_certificates_to_cluster(cluster, context=None):
|
||||
"""Generate ca_cert and magnum client cert and set to cluster
|
||||
|
||||
:param bay: The bay to set CA cert and magnum client cert
|
||||
:param cluster: The cluster to set CA cert and magnum client cert
|
||||
:returns: CA cert uuid and magnum client cert uuid
|
||||
"""
|
||||
try:
|
||||
issuer_name = _get_issuer_name(bay)
|
||||
issuer_name = _get_issuer_name(cluster)
|
||||
|
||||
LOG.debug('Start to generate certificates: %s', issuer_name)
|
||||
|
||||
@ -103,37 +103,37 @@ def generate_certificates_to_bay(bay, context=None):
|
||||
ca_password,
|
||||
context=context)
|
||||
|
||||
bay.ca_cert_ref = ca_cert_ref
|
||||
bay.magnum_cert_ref = magnum_cert_ref
|
||||
cluster.ca_cert_ref = ca_cert_ref
|
||||
cluster.magnum_cert_ref = magnum_cert_ref
|
||||
except Exception:
|
||||
LOG.exception(_LE('Failed to generate certificates for Bay: %s'),
|
||||
bay.uuid)
|
||||
raise exception.CertificatesToBayFailed(bay_uuid=bay.uuid)
|
||||
LOG.exception(_LE('Failed to generate certificates for Cluster: %s'),
|
||||
cluster.uuid)
|
||||
raise exception.CertificatesToClusterFailed(cluster_uuid=cluster.uuid)
|
||||
|
||||
|
||||
def get_bay_ca_certificate(bay, context=None):
|
||||
def get_cluster_ca_certificate(cluster, context=None):
|
||||
ca_cert = cert_manager.get_backend().CertManager.get_cert(
|
||||
bay.ca_cert_ref,
|
||||
resource_ref=bay.uuid,
|
||||
cluster.ca_cert_ref,
|
||||
resource_ref=cluster.uuid,
|
||||
context=context
|
||||
)
|
||||
|
||||
return ca_cert
|
||||
|
||||
|
||||
def get_bay_magnum_cert(bay, context=None):
|
||||
def get_cluster_magnum_cert(cluster, context=None):
|
||||
magnum_cert = cert_manager.get_backend().CertManager.get_cert(
|
||||
bay.magnum_cert_ref,
|
||||
resource_ref=bay.uuid,
|
||||
cluster.magnum_cert_ref,
|
||||
resource_ref=cluster.uuid,
|
||||
context=context
|
||||
)
|
||||
|
||||
return magnum_cert
|
||||
|
||||
|
||||
def create_client_files(bay, context=None):
|
||||
ca_cert = get_bay_ca_certificate(bay, context)
|
||||
magnum_cert = get_bay_magnum_cert(bay, context)
|
||||
def create_client_files(cluster, context=None):
|
||||
ca_cert = get_cluster_ca_certificate(cluster, context)
|
||||
magnum_cert = get_cluster_magnum_cert(cluster, context)
|
||||
|
||||
ca_cert_file = tempfile.NamedTemporaryFile()
|
||||
ca_cert_file.write(ca_cert.get_certificate())
|
||||
@ -150,30 +150,31 @@ def create_client_files(bay, context=None):
|
||||
return ca_cert_file, magnum_key_file, magnum_cert_file
|
||||
|
||||
|
||||
def sign_node_certificate(bay, csr, context=None):
|
||||
def sign_node_certificate(cluster, csr, context=None):
|
||||
ca_cert = cert_manager.get_backend().CertManager.get_cert(
|
||||
bay.ca_cert_ref,
|
||||
resource_ref=bay.uuid,
|
||||
cluster.ca_cert_ref,
|
||||
resource_ref=cluster.uuid,
|
||||
context=context
|
||||
)
|
||||
|
||||
node_cert = x509.sign(csr,
|
||||
_get_issuer_name(bay),
|
||||
_get_issuer_name(cluster),
|
||||
ca_cert.get_private_key(),
|
||||
ca_cert.get_private_key_passphrase())
|
||||
return node_cert
|
||||
|
||||
|
||||
def delete_certificates_from_bay(bay, context=None):
|
||||
"""Delete ca cert and magnum client cert from bay
|
||||
def delete_certificates_from_cluster(cluster, context=None):
|
||||
"""Delete ca cert and magnum client cert from cluster
|
||||
|
||||
:param bay: The bay which has certs
|
||||
:param cluster: The cluster which has certs
|
||||
"""
|
||||
for cert_ref in ['ca_cert_ref', 'magnum_cert_ref']:
|
||||
try:
|
||||
cert_ref = getattr(bay, cert_ref, None)
|
||||
cert_ref = getattr(cluster, cert_ref, None)
|
||||
if cert_ref:
|
||||
cert_manager.get_backend().CertManager.delete_cert(
|
||||
cert_ref, resource_ref=bay.uuid, context=context)
|
||||
cert_ref, resource_ref=cluster.uuid, context=context)
|
||||
except Exception:
|
||||
LOG.warning(_LW("Deleting certs is failed for Bay %s"), bay.uuid)
|
||||
LOG.warning(_LW("Deleting certs is failed for Cluster %s"),
|
||||
cluster.uuid)
|
||||
|
||||
@ -22,24 +22,25 @@ from magnum.objects import base
|
||||
class Certificate(base.MagnumPersistentObject, base.MagnumObject,
|
||||
base.MagnumObjectDictCompat):
|
||||
# Version 1.0: Initial version
|
||||
VERSION = '1.0'
|
||||
# Version 1.1: Rename bay_uuid to cluster_uuid
|
||||
VERSION = '1.1'
|
||||
|
||||
fields = {
|
||||
'project_id': fields.StringField(nullable=True),
|
||||
'user_id': fields.StringField(nullable=True),
|
||||
'bay_uuid': fields.StringField(nullable=True),
|
||||
'cluster_uuid': fields.StringField(nullable=True),
|
||||
'csr': fields.StringField(nullable=True),
|
||||
'pem': fields.StringField(nullable=True),
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def from_object_bay(cls, bay):
|
||||
return cls(project_id=bay.project_id,
|
||||
user_id=bay.user_id,
|
||||
bay_uuid=bay.uuid)
|
||||
def from_object_cluster(cls, cluster):
|
||||
return cls(project_id=cluster.project_id,
|
||||
user_id=cluster.user_id,
|
||||
cluster_uuid=cluster.uuid)
|
||||
|
||||
@classmethod
|
||||
def from_db_bay(cls, bay):
|
||||
return cls(project_id=bay['project_id'],
|
||||
user_id=bay['user_id'],
|
||||
bay_uuid=bay['uuid'])
|
||||
def from_db_cluster(cls, cluster):
|
||||
return cls(project_id=cluster['project_id'],
|
||||
user_id=cluster['user_id'],
|
||||
cluster_uuid=cluster['uuid'])
|
||||
|
||||
@ -359,6 +359,7 @@ extendedKeyUsage = clientAuth
|
||||
|
||||
# magnum ca-show --cluster secure-k8scluster > ca.crt
|
||||
resp = cls.cs.certificates.get(cls.cluster.uuid)
|
||||
|
||||
with open(cls.ca_file, 'w') as f:
|
||||
f.write(resp.pem)
|
||||
|
||||
|
||||
@ -102,7 +102,7 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
|
||||
def _test_generate_certificates(self,
|
||||
expected_ca_name,
|
||||
mock_bay,
|
||||
mock_cluster,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_password = 'ca-password'
|
||||
@ -116,9 +116,9 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
expected_ca_password)
|
||||
mock_generate_client_cert.return_value = expected_cert_ref
|
||||
|
||||
cert_manager.generate_certificates_to_bay(mock_bay)
|
||||
self.assertEqual(expected_ca_cert_ref, mock_bay.ca_cert_ref)
|
||||
self.assertEqual(expected_cert_ref, mock_bay.magnum_cert_ref)
|
||||
cert_manager.generate_certificates_to_cluster(mock_cluster)
|
||||
self.assertEqual(expected_ca_cert_ref, mock_cluster.ca_cert_ref)
|
||||
self.assertEqual(expected_cert_ref, mock_cluster.magnum_cert_ref)
|
||||
|
||||
mock_generate_ca_cert.assert_called_once_with(expected_ca_name,
|
||||
context=None)
|
||||
@ -133,11 +133,11 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
def test_generate_certificates(self, mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_name = 'ca-name'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = expected_ca_name
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.name = expected_ca_name
|
||||
|
||||
self._test_generate_certificates(expected_ca_name,
|
||||
mock_bay,
|
||||
mock_cluster,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert)
|
||||
|
||||
@ -148,29 +148,29 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
def test_generate_certificates_without_name(self, mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_name = 'ca-uuid'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = None
|
||||
mock_bay.uuid = expected_ca_name
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.name = None
|
||||
mock_cluster.uuid = expected_ca_name
|
||||
|
||||
self._test_generate_certificates(expected_ca_name,
|
||||
mock_bay,
|
||||
mock_cluster,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert)
|
||||
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_get_issuer_name')
|
||||
def test_generate_certificates_with_error(self, mock_get_issuer_name):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_get_issuer_name.side_effect = exception.MagnumException()
|
||||
|
||||
self.assertRaises(exception.CertificatesToBayFailed,
|
||||
cert_manager.generate_certificates_to_bay,
|
||||
mock_bay)
|
||||
self.assertRaises(exception.CertificatesToClusterFailed,
|
||||
cert_manager.generate_certificates_to_cluster,
|
||||
mock_cluster)
|
||||
|
||||
@mock.patch('magnum.common.x509.operations.sign')
|
||||
def test_sign_node_certificate(self, mock_x509_sign):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = "mock_bay_uuid"
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.uuid = "mock_cluster_uuid"
|
||||
mock_ca_cert = mock.MagicMock()
|
||||
mock_ca_cert.get_private_key.return_value = mock.sentinel.priv_key
|
||||
passphrase = mock.sentinel.passphrase
|
||||
@ -179,21 +179,22 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
mock_csr = mock.MagicMock()
|
||||
mock_x509_sign.return_value = mock.sentinel.signed_cert
|
||||
|
||||
bay_ca_cert = cert_manager.sign_node_certificate(mock_bay, mock_csr)
|
||||
cluster_ca_cert = cert_manager.sign_node_certificate(mock_cluster,
|
||||
mock_csr)
|
||||
|
||||
self.CertManager.get_cert.assert_called_once_with(
|
||||
mock_bay.ca_cert_ref, resource_ref=mock_bay.uuid,
|
||||
mock_cluster.ca_cert_ref, resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
mock_x509_sign.assert_called_once_with(mock_csr, mock_bay.name,
|
||||
mock_x509_sign.assert_called_once_with(mock_csr, mock_cluster.name,
|
||||
mock.sentinel.priv_key,
|
||||
passphrase)
|
||||
self.assertEqual(mock.sentinel.signed_cert, bay_ca_cert)
|
||||
self.assertEqual(mock.sentinel.signed_cert, cluster_ca_cert)
|
||||
|
||||
@mock.patch('magnum.common.x509.operations.sign')
|
||||
def test_sign_node_certificate_without_bay_name(self, mock_x509_sign):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = None
|
||||
mock_bay.uuid = "mock_bay_uuid"
|
||||
def test_sign_node_certificate_without_cluster_name(self, mock_x509_sign):
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.name = None
|
||||
mock_cluster.uuid = "mock_cluster_uuid"
|
||||
mock_ca_cert = mock.MagicMock()
|
||||
mock_ca_cert.get_private_key.return_value = mock.sentinel.priv_key
|
||||
passphrase = mock.sentinel.passphrase
|
||||
@ -202,67 +203,70 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||
mock_csr = mock.MagicMock()
|
||||
mock_x509_sign.return_value = mock.sentinel.signed_cert
|
||||
|
||||
bay_ca_cert = cert_manager.sign_node_certificate(mock_bay, mock_csr)
|
||||
cluster_ca_cert = cert_manager.sign_node_certificate(mock_cluster,
|
||||
mock_csr)
|
||||
|
||||
self.CertManager.get_cert.assert_called_once_with(
|
||||
mock_bay.ca_cert_ref, resource_ref=mock_bay.uuid, context=None)
|
||||
mock_x509_sign.assert_called_once_with(mock_csr, mock_bay.uuid,
|
||||
mock_cluster.ca_cert_ref, resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
mock_x509_sign.assert_called_once_with(mock_csr, mock_cluster.uuid,
|
||||
mock.sentinel.priv_key,
|
||||
passphrase)
|
||||
self.assertEqual(mock.sentinel.signed_cert, bay_ca_cert)
|
||||
self.assertEqual(mock.sentinel.signed_cert, cluster_ca_cert)
|
||||
|
||||
def test_get_bay_ca_certificate(self):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = "mock_bay_uuid"
|
||||
def test_get_cluster_ca_certificate(self):
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.uuid = "mock_cluster_uuid"
|
||||
mock_ca_cert = mock.MagicMock()
|
||||
self.CertManager.get_cert.return_value = mock_ca_cert
|
||||
|
||||
bay_ca_cert = cert_manager.get_bay_ca_certificate(mock_bay)
|
||||
cluster_ca_cert = cert_manager.get_cluster_ca_certificate(mock_cluster)
|
||||
|
||||
self.CertManager.get_cert.assert_called_once_with(
|
||||
mock_bay.ca_cert_ref, resource_ref=mock_bay.uuid, context=None)
|
||||
self.assertEqual(mock_ca_cert, bay_ca_cert)
|
||||
mock_cluster.ca_cert_ref, resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
self.assertEqual(mock_ca_cert, cluster_ca_cert)
|
||||
|
||||
def test_delete_certtificate(self):
|
||||
mock_delete_cert = self.CertManager.delete_cert
|
||||
expected_cert_ref = 'cert_ref'
|
||||
expected_ca_cert_ref = 'ca_cert_ref'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = "mock_bay_uuid"
|
||||
mock_bay.ca_cert_ref = expected_ca_cert_ref
|
||||
mock_bay.magnum_cert_ref = expected_cert_ref
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.uuid = "mock_cluster_uuid"
|
||||
mock_cluster.ca_cert_ref = expected_ca_cert_ref
|
||||
mock_cluster.magnum_cert_ref = expected_cert_ref
|
||||
|
||||
cert_manager.delete_certificates_from_bay(mock_bay)
|
||||
cert_manager.delete_certificates_from_cluster(mock_cluster)
|
||||
mock_delete_cert.assert_any_call(expected_ca_cert_ref,
|
||||
resource_ref=mock_bay.uuid,
|
||||
resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
mock_delete_cert.assert_any_call(expected_cert_ref,
|
||||
resource_ref=mock_bay.uuid,
|
||||
resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
|
||||
def test_delete_certtificate_if_raise_error(self):
|
||||
mock_delete_cert = self.CertManager.delete_cert
|
||||
expected_cert_ref = 'cert_ref'
|
||||
expected_ca_cert_ref = 'ca_cert_ref'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.ca_cert_ref = expected_ca_cert_ref
|
||||
mock_bay.magnum_cert_ref = expected_cert_ref
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.ca_cert_ref = expected_ca_cert_ref
|
||||
mock_cluster.magnum_cert_ref = expected_cert_ref
|
||||
|
||||
mock_delete_cert.side_effect = ValueError
|
||||
|
||||
cert_manager.delete_certificates_from_bay(mock_bay)
|
||||
cert_manager.delete_certificates_from_cluster(mock_cluster)
|
||||
mock_delete_cert.assert_any_call(expected_ca_cert_ref,
|
||||
resource_ref=mock_bay.uuid,
|
||||
resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
mock_delete_cert.assert_any_call(expected_cert_ref,
|
||||
resource_ref=mock_bay.uuid,
|
||||
resource_ref=mock_cluster.uuid,
|
||||
context=None)
|
||||
|
||||
def test_delete_certtificate_without_cert_ref(self):
|
||||
mock_delete_cert = self.CertManager.delete_cert
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.ca_cert_ref = None
|
||||
mock_bay.magnum_cert_ref = None
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.ca_cert_ref = None
|
||||
mock_cluster.magnum_cert_ref = None
|
||||
|
||||
cert_manager.delete_certificates_from_bay(mock_bay)
|
||||
cert_manager.delete_certificates_from_cluster(mock_cluster)
|
||||
self.assertFalse(mock_delete_cert.called)
|
||||
|
||||
@ -173,7 +173,7 @@ class TestHandler(db_base.DbTestCase):
|
||||
@patch('magnum.conductor.handlers.bay_conductor._create_stack')
|
||||
@patch('magnum.common.clients.OpenStackClients')
|
||||
def test_create(self, mock_openstack_client_class,
|
||||
mock_create_stack, mock_cert_manager, mock_trust_manager,
|
||||
mock_create_stack, mock_cm, mock_trust_manager,
|
||||
mock_heat_poller_class):
|
||||
timeout = 15
|
||||
mock_poller = mock.MagicMock()
|
||||
@ -210,7 +210,7 @@ class TestHandler(db_base.DbTestCase):
|
||||
mock_create_stack.assert_called_once_with(self.context,
|
||||
mock.sentinel.osc,
|
||||
self.bay, timeout)
|
||||
mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
|
||||
mock_cm.generate_certificates_to_cluster.assert_called_once_with(
|
||||
self.bay, context=self.context)
|
||||
self.assertEqual(bay_status.CREATE_IN_PROGRESS, bay.status)
|
||||
mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
|
||||
@ -234,7 +234,7 @@ class TestHandler(db_base.DbTestCase):
|
||||
self.bay, timeout
|
||||
)
|
||||
|
||||
gctb = mock_cert_manager.generate_certificates_to_bay
|
||||
gctb = mock_cert_manager.generate_certificates_to_cluster
|
||||
if is_create_cert_called:
|
||||
gctb.assert_called_once_with(self.bay, context=self.context)
|
||||
else:
|
||||
@ -245,7 +245,7 @@ class TestHandler(db_base.DbTestCase):
|
||||
else:
|
||||
ctat.assert_not_called()
|
||||
|
||||
mock_cert_manager.delete_certificates_from_bay(self.bay)
|
||||
mock_cert_manager.delete_certificates_from_cluster(self.bay)
|
||||
mock_trust_manager.delete_trustee_and_trust.assert_called_once_with(
|
||||
osc, self.context, self.bay)
|
||||
|
||||
@ -283,14 +283,14 @@ class TestHandler(db_base.DbTestCase):
|
||||
def test_create_with_cert_failed(self, mock_openstack_client_class,
|
||||
mock_cert_manager,
|
||||
mock_trust_manager):
|
||||
e = exception.CertificatesToBayFailed(bay_uuid='uuid')
|
||||
mock_cert_manager.generate_certificates_to_bay.side_effect = e
|
||||
e = exception.CertificatesToClusterFailed(cluster_uuid='uuid')
|
||||
mock_cert_manager.generate_certificates_to_cluster.side_effect = e
|
||||
|
||||
self._test_create_failed(
|
||||
mock_openstack_client_class,
|
||||
mock_cert_manager,
|
||||
mock_trust_manager,
|
||||
exception.CertificatesToBayFailed
|
||||
exception.CertificatesToClusterFailed
|
||||
)
|
||||
|
||||
notifications = fake_notifier.NOTIFICATIONS
|
||||
@ -453,9 +453,9 @@ class TestHandler(db_base.DbTestCase):
|
||||
'magnum.bay.delete', notifications[1].event_type)
|
||||
self.assertEqual(
|
||||
taxonomy.OUTCOME_SUCCESS, notifications[1].payload['outcome'])
|
||||
self.assertEqual(1,
|
||||
cert_manager.delete_certificates_from_bay.call_count)
|
||||
# The bay has been destroyed
|
||||
self.assertEqual(
|
||||
1, cert_manager.delete_certificates_from_cluster.call_count)
|
||||
# The cluster has been destroyed
|
||||
self.assertRaises(exception.ClusterNotFound,
|
||||
objects.Bay.get, self.context, self.bay.uuid)
|
||||
|
||||
@ -481,8 +481,8 @@ class TestHandler(db_base.DbTestCase):
|
||||
'magnum.bay.delete', notifications[1].event_type)
|
||||
self.assertEqual(
|
||||
taxonomy.OUTCOME_FAILURE, notifications[1].payload['outcome'])
|
||||
self.assertEqual(0,
|
||||
cert_manager.delete_certificates_from_bay.call_count)
|
||||
self.assertEqual(
|
||||
0, cert_manager.delete_certificates_from_cluster.call_count)
|
||||
|
||||
|
||||
class TestHeatPoller(base.TestCase):
|
||||
@ -738,8 +738,8 @@ class TestHeatPoller(base.TestCase):
|
||||
mock_heat_stack, bay, poller = self.setup_poll_test()
|
||||
poller._delete_complete()
|
||||
self.assertEqual(1, bay.destroy.call_count)
|
||||
self.assertEqual(1,
|
||||
cert_manager.delete_certificates_from_bay.call_count)
|
||||
self.assertEqual(
|
||||
1, cert_manager.delete_certificates_from_cluster.call_count)
|
||||
self.assertEqual(1,
|
||||
trust_manager.delete_trustee_and_trust.call_count)
|
||||
|
||||
|
||||
@ -25,34 +25,34 @@ class TestSignConductor(base.TestCase):
|
||||
|
||||
@mock.patch.object(ca_conductor, 'cert_manager')
|
||||
def test_sign_certificate(self, mock_cert_manager):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_certificate = mock.MagicMock()
|
||||
mock_certificate.csr = 'fake-csr'
|
||||
mock_cert_manager.sign_node_certificate.return_value = 'fake-pem'
|
||||
|
||||
actual_cert = self.ca_handler.sign_certificate(self.context,
|
||||
mock_bay,
|
||||
mock_cluster,
|
||||
mock_certificate)
|
||||
|
||||
mock_cert_manager.sign_node_certificate.assert_called_once_with(
|
||||
mock_bay, 'fake-csr', context=self.context
|
||||
mock_cluster, 'fake-csr', context=self.context
|
||||
)
|
||||
self.assertEqual('fake-pem', actual_cert.pem)
|
||||
|
||||
@mock.patch.object(ca_conductor, 'cert_manager')
|
||||
def test_get_ca_certificate(self, mock_cert_manager):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = 'bay-uuid'
|
||||
mock_bay.user_id = 'user-id'
|
||||
mock_bay.project_id = 'project-id'
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.uuid = 'cluster-uuid'
|
||||
mock_cluster.user_id = 'user-id'
|
||||
mock_cluster.project_id = 'project-id'
|
||||
mock_cert = mock.MagicMock()
|
||||
mock_cert.get_certificate.return_value = 'fake-pem'
|
||||
mock_cert_manager.get_bay_ca_certificate.return_value = mock_cert
|
||||
mock_cert_manager.get_cluster_ca_certificate.return_value = mock_cert
|
||||
|
||||
actual_cert = self.ca_handler.get_ca_certificate(self.context,
|
||||
mock_bay)
|
||||
mock_cluster)
|
||||
|
||||
self.assertEqual(mock_bay.uuid, actual_cert.bay_uuid)
|
||||
self.assertEqual(mock_bay.user_id, actual_cert.user_id)
|
||||
self.assertEqual(mock_bay.project_id, actual_cert.project_id)
|
||||
self.assertEqual(mock_cluster.uuid, actual_cert.cluster_uuid)
|
||||
self.assertEqual(mock_cluster.user_id, actual_cert.user_id)
|
||||
self.assertEqual(mock_cluster.project_id, actual_cert.project_id)
|
||||
self.assertEqual('fake-pem', actual_cert.pem)
|
||||
|
||||
@ -28,7 +28,8 @@ class RPCAPITestCase(base.DbTestCase):
|
||||
def setUp(self):
|
||||
super(RPCAPITestCase, self).setUp()
|
||||
self.fake_bay = dbutils.get_test_bay(driver='fake-driver')
|
||||
self.fake_certificate = objects.Certificate.from_db_bay(self.fake_bay)
|
||||
self.fake_certificate = objects.Certificate.from_db_cluster(
|
||||
self.fake_bay)
|
||||
self.fake_certificate.csr = 'fake-csr'
|
||||
|
||||
def _test_rpcapi(self, method, rpc_method, **kwargs):
|
||||
@ -106,11 +107,11 @@ class RPCAPITestCase(base.DbTestCase):
|
||||
self._test_rpcapi('sign_certificate',
|
||||
'call',
|
||||
version='1.0',
|
||||
bay=self.fake_bay,
|
||||
cluster=self.fake_bay,
|
||||
certificate=self.fake_certificate)
|
||||
|
||||
def test_get_ca_certificate(self):
|
||||
self._test_rpcapi('get_ca_certificate',
|
||||
'call',
|
||||
version='1.0',
|
||||
bay=self.fake_bay)
|
||||
cluster=self.fake_bay)
|
||||
|
||||
@ -364,7 +364,7 @@ class TestObject(test_base.TestCase, _TestObject):
|
||||
object_data = {
|
||||
'Bay': '1.7-88cb12f991721fe31602dc3fd7acd654',
|
||||
'BayModel': '1.15-9b961246b348aa380783dae14014e423',
|
||||
'Certificate': '1.0-2aff667971b85c1edf8d15684fd7d5e2',
|
||||
'Certificate': '1.1-1924dc077daa844f0f9076332ef96815',
|
||||
'MyObj': '1.0-b43567e512438205e32f4e95ca616697',
|
||||
'MyObj': '1.0-34c4b1aadefd177b13f9a2f894cc23cd',
|
||||
'X509KeyPair': '1.2-d81950af36c59a71365e33ce539d24f9',
|
||||
|
||||
Loading…
Reference in New Issue
Block a user